Oracle® Identity Manager Audit Report Developer's Guide Release 9.0 B28760-01
Oracle Identity Manager includes audit and compliance reporting functionality that captures and archives entity and transaction data. This archived data is used for IT-centric process and forensic auditing, and compliance monitoring.
The archived data indicates which users have access to what information, the purpose of this access, and the means by which the information is made available. The entire lifecycle of the historical data can be recorded, including capture, transport, storage, retrieval, and removal. Data security is maintained at every part of the data lifecycle.
The historical data, reporting engine and interface are key infrastructure components used by other Oracle Identity Manager features and solutions. User profile audit, reports, and attestation are auditing features of Oracle Identity Manager with the audit and compliance modules. This guide includes details related to the User Profile Audit and Reporting. See the Oracle Identity Manager Administrative and User Console Guide for Attestation details.
This chapter introduces you to the following concepts related to auditing using Oracle Identity Manager:
Figure 1-1 shows the design components of the auditing process.
Figure 1-1 Design Components of the Auditing Process
Any action taken in the Oracle Identity Manager system translates into an application programming interface (API) call, or an MDB picking up a message to process some action. Multiple changes could originate from this one action. All associated changes are tied together into one Audit Transaction. Each API method that can modify data objects calls the `startTransaction` method on the Audit Engine at the beginning of the API and the `endTransaction` method at the end of the method call, defining the Audit Transaction boundaries. The Audit Engine generates a transaction ID that is used to identify all changes made in that transaction.
Oracle Identity Manager provides auditing and historical archiving of a user profile. The system takes a snapshot of a user profile and stores that snapshot to an audit table in the database. The system then updates the snapshot each time the user data changes.
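The following added example (not Oracle code, and not part of the original guide) models the two paragraphs above: an API method brackets its work with `startTransaction` and `endTransaction`, every change inside carries the generated transaction ID, and the user profile snapshot is refreshed on each change. Only the two method names come from the guide; the class names, signatures, the `logChange` and `disableUser` helpers, the single-threaded design, and the sample user `jdoe` are assumptions made for illustration (Java 16 or later).

```java
import java.util.*;
// Conceptual model, not Oracle Identity Manager code. Only the method names
// startTransaction/endTransaction come from the guide; all else is assumed.
public class AuditTransactionDemo {
    record Change(String txId, String user, String field, String oldVal, String newVal) {}
    static class AuditEngine {
        private final List<Change> auditLog = new ArrayList<>();
        // user -> latest profile snapshot, refreshed on every change
        private final Map<String, Map<String, String>> snapshots = new HashMap<>();
        private String currentTx;

        String startTransaction() {
            if (currentTx != null) throw new IllegalStateException("transaction already open");
            currentTx = UUID.randomUUID().toString();
            return currentTx;
        }

        void logChange(String user, String field, String newVal) {
            if (currentTx == null) throw new IllegalStateException("change outside an audit transaction");
            String oldVal = snapshots.computeIfAbsent(user, u -> new TreeMap<>()).put(field, newVal);
            auditLog.add(new Change(currentTx, user, field, oldVal, newVal));
        }

        void endTransaction() {
            currentTx = null;
        }
        List<Change> changesFor(String txId) {
            return auditLog.stream().filter(c -> c.txId().equals(txId)).toList();
        }
    }

    // Hypothetical API method: one user action that fans out into several changes.
    static String disableUser(AuditEngine audit, String user) {
        String txId = audit.startTransaction();
        try {
            audit.logChange(user, "status", "Disabled");
            audit.logChange(user, "vpnAccess", "Revoked");
        } finally {
            audit.endTransaction(); // close the boundary even if a change throws
        }
        return txId;
    }
    public static void main(String[] args) {
        AuditEngine audit = new AuditEngine();
        String txId = disableUser(audit, "jdoe"); // constructed sample user
        audit.changesFor(txId).forEach(System.out::println);
        System.out.println("snapshot: " + audit.snapshots.get("jdoe"));
    }
}
```

Because both changes share one transaction ID, an auditor can pull every modification caused by a single action with one lookup, and a change attempted outside the boundaries is rejected instead of being logged without context.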
Oracle Identity Manager includes standard reports for displaying archived data in addition to the capability for users to create customized reports to suit their specific needs.
Oracle Identity Manager comes configured to issue reports from a secondary data source. Out of the box, the software uses the primary data source for reporting, `jdbc/xlDS`. To avoid overloading the transactional database with report generation, a new data source can be set up just for reporting. To use a secondary database, you need to configure replication of data or a scheduled backup and restore between the transactional data and the reporting database.